package com.aimei.user.aop;

//import tv.cp58.www.project.modules.worker.config.RolePermission;

/*使用切面对权限做更加细粒度的控制，只有相应角色的用户才能调用一下接口，该接口部分地址不对，需要修改*/
//@Aspect
//@Component
public class RoleAopControl {
      /* @Pointcut(value = "execution(* tv.cp58.www.project.modules.*.controller..*.*(..))")
       public void controller() {

       }

       @Around("controller()")
       public Object introcepter(ProceedingJoinPoint pjp) throws Throwable {
              Signature signature = pjp.getSignature();
              MethodSignature methodSignature = ( MethodSignature ) signature;
              Method targetMethod = methodSignature.getMethod();
              if ( targetMethod.isAnnotationPresent(RolePermission.class) ) {
                     //获取方法上注解中表明的权限
                     RolePermission permission = targetMethod.getAnnotation(RolePermission.class);
                     String roles[] = permission.roles();
                     List<String> roleList = new ArrayList<>();
                     for ( String ss : roles ) {
                            roleList.add(ss);
                     }
                     //获取当前用户拥有的权限
                     User user = RequestUtil.getUser();
                     if ( user == null ) {
                            throw new Exception("User is null");
                     }
                     List<String> userRoles = user.getUserRoles();
                     for ( String role : userRoles ) {
                            if ( roleList.contains(role) ) {
                                   //如果当前用户拥有的权限包含方法注解上的权限,则执行被拦截到的方法
                                   return pjp.proceed();
                            }
                     }
                     //如果没有权限,抛出异常,由Spring框架捕获,跳转到错误页面
                     throw new Exception("The role have no right to use the API");
              }
              //*普通方法无需权限控制*//*
              return pjp.proceed();
       }*/
}
